On Dec 21, 2009, at 4:10 PM, Jeremy O'Brien wrote:
> I would guess this too, except the same capture works fine when not capturing live, and wireshark correctly dissects the protocol in the middle pane in live mode and on static dump files. It just highlights the bytes in the bottom pane incorrectly while the live session is taking place, which makes no sense to me at all.
When a live capture is in progress, each packet is dissected when it arrives. There could be code that's assuming that the only frame being dissected is the one that's selected, and if you select one frame (causing it to be dissected), and then another frame is read in and dissected before you click on a field in the selected frame, the highlighting code might be assuming that the selected frame is the last one that was dissected.
